US20200322418A1 - Secure remote computer network - Google Patents
- Publication number
- US20200322418A1
- Authority
- US
- United States
- Prior art keywords
- packets
- client
- network
- data according
- link
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H04L67/18—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/14—Multichannel or multilink protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
- H04L43/0829—Packet loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0852—Delays
Abstract
Description
- This application is a continuation of Ser. No. 16/729,955, filed on Dec. 30, 2019, which is a continuation of U.S. Ser. No. 16/173,161, filed on Oct. 29, 2018, now U.S. Pat. No. 10,652,310, which is a continuation of U.S. Ser. No. 14/976,565, filed on Dec. 21, 2015, now U.S. Pat. No. 10,148,732, which is a continuation-in-part of U.S. Ser. No. 14/765,115, filed on Jul. 31, 2015, now U.S. Pat. No. 10,484,335, which is a national stage entry of PCT/US2013/025559, filed on Feb. 11, 2013, now published, which claims priority under 35 U.S.C. 119 to U.S. 61/596,883, now abandoned, the contents of all of which are incorporated by reference herein.
- The present invention relates generally to the field of computer networks, and more particularly, relates to secure, high speed networking between two or more computers using insecure public or private network connections. The secure, remote network provides for the configuration of an encrypted “tunnel” on a user's private network for data packets to pass through an insecure public network without risk of exposure.
- Computers can communicate with one another only when connected together using some form of a communications network. The internet is one such network, which has grown extensively over the past decade, and has the distinct advantage of being able to connect computers together from anywhere in the world. Another type of communications network is a local area network (“LAN”), which is a private network that typically exists between only a few trusted computers, usually in an office or home. A further example of a computer communications network is a wide area network (“WAN”), which is usually used as a means of communications access to the internet via a wireless radio protocol.
- There are many possible reasons to want remote computers to join a LAN. A LAN itself is often secure; it may contain or have access to important corporate resources at the office, or access to one's personal media or data files in a residential setting. However, once a user attaches to a LAN via a direct internet connection, the LAN is no longer secure. For this reason, the Virtual Private Network (“VPN”) was created. The VPN is software that appears to be another LAN adapter, but uses encryption technology and methods, and internet connections, to bridge remote computers onto a local area network, without risk of directly connecting the LAN to the public and insecure internet.
- FIG. 1 illustrates a prior art classic Virtual Private Network 100. In such a network, predefined or rolling algorithms allow a secure connection between a computer 102 and a corporate server 116. This connection is made over any network 114, which may also be the internet, with security managed by the VPN layer on the client 108 and the server 118. Any software clients 104 on the client computer 102 will see the VPN layer 108 as a virtual network interface 106, appearing no different than the driver for a physical network interface 112. The VPN encapsulates all traffic sent to it as encrypted, private data, then sends it via a standard network interface and driver 110 to a physical network interface device 112, such as a Wi-Fi or Ethernet device.
- The VPN data is secure over the unsecured network 114, using strong encryption. This type of encryption is superior to other standard forms of encryption, because even the structure of the data is hidden from any resource outside of the VPN. The classic VPN typically has pre-shared keys; an administrator will create encryption keys for each client computer 102, which are also known to the server 116. This prevents unauthorized users of the same VPN technology from connecting, and it allows an administrator to de-authorize any given user. Some simple VPNs use only a single shared key for all connections.
- The classic prior art VPN routes data to a server 116, which is also physically interfaced 112 to the external, insecure network 114. The server 116 communicates via a driver interface 110 to the server part of the VPN 118. It is only within this part of the system that the encrypted data is decrypted. In the classic VPN, the VPN server 118 is responsible for authenticating VPN clients 108. It will, of course, reply to said clients with encrypted packets, so the communication and traffic is encrypted in both signal directions and is two-way secure.
- On the server 116, the VPN server 118 will also appear as a normal networking device to the server host operating system (“OS”), allowing access to the server's network software layer 110 and network software clients 104 within the server computer, and usually, out via a physical interface 112 to a secure corporate network 120.
- The effect of the classic prior art VPN is that the remote client computer 104 behaves as if it is in the same building, connected to the secure corporate network 120, as the server 118 and other client computers 104. Yet, the data from the client 104 is secure, and the corporate network 120 is not subject to risk of attack via an open internet 114 or other insecure connection. A big disadvantage of a classic VPN is its complexity of use. A network administrator is usually needed to hand out keys, to manage firewalls, etc. Moreover, it is dependent on the central authority for all VPN certifications. Even in a business scenario, managing a VPN and keeping it functional for all remote users can be a complex and problematic task.
- In response to these types of issues, and to enable simpler VPNs for home users, a new kind of VPN management has become popular. This new VPN eliminates some or all aspects of a single central server, replacing it with a central manager for VPN certifications, which will let VPN clients rendezvous with one another, but then, at least to some extent, run peer-to-peer as long as the VPN is operating. FIG. 2 illustrates an example prior art embodiment of this modified VPN 200, which has enjoyed some success as a personal VPN. In this architecture, there is no corporate intranet, simply clients 102 that wish to merge their local networks together via a VPN.
- This network architecture still enlists a management server 202, but in this instance the server is only for management purposes. A client 102 will establish a connection to a web or similarly accessible front end 204, which will allow it to define a VPN connection and other clients. The web front end 204 informs the VPN Manager of the connection, and it proceeds to direct the clients to establish a peer-to-peer, authenticated VPN connection.
- Some VPNs designed this way will continue to route some traffic through the VPN Manager 206, while others drop the management interface entirely and leave the clients to operate entirely peer-to-peer.
- Another limitation of the typical VPN user is the network itself. Some client devices may have multiple internet connections: WAN, LAN, Wi-Fi, etc. But each of these connections is not necessarily useful at all times, particularly over the course of a day for a traveler. For example, while a Wi-Fi connection may be the best communication means at one location, a WAN may be better for signal transmission at a different location. It may be complex to switch the VPN from interface to interface, and there is usually no way to take advantage of the speed of multiple interfaces when they are available.
- There is a history of using multiple physical interfaces and treating them as a single faster interface. This has historically been called “network bonding.” The use of a bonded set of slower physical interfaces 112 to create one large, virtual interface is fairly well documented. FIG. 3 shows a typical prior art bonded network interconnect 300. In this system, there is a computer 102 with client applications 104 and a network interface layer 106 that needs to be connected to the internet or other fast network 114. However, it only has access to slow connections 304.
- Using either a network layer or a device layer abstraction 302, such a system splits network traffic in some agreed-upon way over multiple point-to-point connections, such as phone lines, to a service provider 306. That service provider 306 contains a similar network layer or device layer 302, which can reassemble the traffic, delivering it to a standard network layer protocol 110, and ultimately, interfaced 112 to the target network 114. Examples of this type of architecture include the Integrated Services Digital Network (“ISDN”) standard, and various systems for bonding analog phone modems such as Microsoft Modem Bonding, FatPipe, and others.
- To improve upon this prior art, a number of additional features can be built into a VPN system. A more flexible means of establishing the VPN connection, with the option of using readily available public resources and standards, is a tangible advancement. Using standards allows the user a choice between public or private resources for this connection. A further goal of the inventive system is an even greater simplification of the VPN setup, and taking the need for a proprietary central server out of the system as a further improvement. A further objective and advancement is to establish a novel means by which the VPN can route through firewalls that can often hinder VPN use in the field. And a final advancement allows dynamic use of any and all available interfaces, optimizing performance across all means of connection between two points on the VPN, and allowing rules to factor in the cost of any interface's use as well.
- Based on the typical complexity of creating, establishing, and maintaining a VPN, there is plenty of room for improvement in this field. Specifically, a VPN can be created dynamically, without the need for expert configuration of the VPN, firewalls, routers, and other networking components. Coupling this with the ability to intelligently use all available bandwidth, and make the best of potentially faulty connections readily permits the ability to create a more ideal VPN for use by remote clients.
- The primary elements of the secure remote computer network include means to configure an encrypted “tunnel” for data packets on a private network to pass through an insecure public network without risk of exposure. In preferred embodiments, the inventive systems and methods provide a robust and simple configuration mechanism, based on existing open standards for Internet “instant” messaging and media delivery that will remove the complexity and unreliability often associated with current VPNs.
- More particularly, the present invention overcomes the disadvantages of the prior art and fulfills the needs described above by providing, in a preferred embodiment, a computer communications network system, comprising (a) at least one switchboard computer in a hub mode in communication connectivity with an external network; (b) at least one switchboard computer in a client mode in communication connectivity with an external network; and (c) a directory service in communication connectivity with an external network; wherein said at least one switchboard computer in a hub mode initiates a connection with said directory service to be registered and made available for said at least one switchboard computer in a client mode to dynamically communicate with said at least one switchboard computer in a hub mode through an external network.
- Another embodiment of the present invention is a computer communications network system, comprising (a) at least one switchboard computer in a hub mode in communication connectivity with an external network, said at least one switchboard computer further comprising a discovery server to monitor external activity, a management data base to record current network communication statistics, a plurality of network address translators, a virtual network interface to communicate with a plurality of client computers, and a virtual private network to encrypt data prior to transmitting said encrypted data to one of said network address translators; (b) at least one switchboard computer in a client mode in communication connectivity with an external network, said at least one switchboard computer further comprising a discovery server to monitor external activity, a management data base to record current network communication statistics, a plurality of network address translators, a virtual network interface to communicate with a plurality of client computers, and a virtual switch and router in communication connectivity with a virtual private network to encrypt data prior to transmitting said encrypted data to one of said network address translators; and (c) a directory service in communication connectivity with an external network; wherein said at least one switchboard computer in a hub mode initiates a connection with said directory service to be registered and made available for said at least one switchboard computer in a client mode to communicate with said at least one switchboard computer in a hub mode through an external network.
- Still another embodiment of the present invention is a method for creating a flexible and secure network connection between two or more computers, having at least one switchboard computer in a hub mode in communication connectivity with an external network; and at least one switchboard computer in a client mode in communication connectivity with an external network; and a directory service in communication connectivity with an external network; the method comprising the steps of (a) initiating from said at least one switchboard computer in a hub mode a connection with said directory service; and (b) registering said at least one switchboard computer in a hub mode a connection with said directory service as available for said at least one switchboard computer in a client mode to dynamically communicate with said at least one switchboard computer in a hub mode through an external network.
- FIG. 1 illustrates an example prior art computer network architecture having a single VPN client and single VPN server;
- FIG. 2 illustrates an example prior art computer network architecture having more than one VPN client connected to a management server through the internet;
- FIG. 3 illustrates an example prior art computer network architecture having a client computer connected to the internet through a service provider;
- FIG. 4 illustrates the main components of a preferred embodiment of a “Switchboard” VPN network;
- FIG. 5 illustrates the internal design of a preferred embodiment of the Switchboard module;
- FIG. 6A illustrates a preferred embodiment of one mode of client to hub connection via the XMPP or other directory protocol;
- FIG. 6B illustrates another preferred embodiment of another mode of client to hub connection via the XMPP or other directory protocol through a two-hop network; and
- FIG. 7 illustrates an exemplary embodiment of a large private network with multiple hub access points.
- Other features and advantages of the present invention are provided in the following detailed description of the invention, which refers to the accompanying drawings.
- The present invention provides in various exemplary embodiments, methods and systems for transmitting data between two computer networks, using multiple, potentially insecure or unreliable connections to deliver the effect of unifying the two networks as one secure network. In addition, it provides an improved method of establishing a virtual private network over insecure or unreliable connections.
- An exemplary embodiment of a switchboard network 400 system according to the present invention is illustrated in FIG. 4. The network consists of at least one switchboard in hub mode 404, one or more switchboards in client mode 402, and at least one Extensible Messaging and Presence Protocol (“XMPP”) or other similar directory service 406. The switchboard hub mode 404 is similar in some ways to a traditional VPN server, but more so it conceptually functions as a hub, similar to that in an Ethernet network. As such, the hub is not necessarily unique in a switchboard network, and there may be multiple hubs as well as multiple clients. The directory service can be an XMPP 406 or something similar in concept. The directory service can be completely private, hosted on a server appliance computer, or hosted on a public server such as Google Talk.
- To describe the operation of an exemplary embodiment of the present inventive switchboard network, the computer 102 in hub mode 404 initiates making a connection to a directory service such as an XMPP 406, and registering that it (the computer 102 in hub mode 404) is available. The XMPP is an open protocol for real-time (e.g., instant) messaging over computer networks. The switchboard is well suited to using the XMPP protocols for directory-based discovery, but this is not the only possible service. Another similar service that might be used by the Switchboard is the Light Directory Access Protocol (“LDAP”). Potential clients may then access that service based on other security protocols, as applicable, and request connection to the switchboard network 400, via any number of independent physical interfaces 112 connected to one or more external public or private networks, such as the internet 114.
- The detailed internals of an exemplary embodiment of the switchboard module 502 are shown in FIG. 5. The switchboard interface appears to a host computer as another Network Interface Card, via a virtual network interface 504 for the host operating system. A Management Interface process 512 is presented to adjust the behavior of the switchboard network, based on a local client 104 interface 510, such as an XML remote procedure call (“XML-RPC”). Behaviors are also modified by changes in the active system, discovery of clients or hubs via the Discovery Server 536, or statistics and other data, which is tracked in the Management Database 520.
- The purpose of the Discovery Server 536 is to monitor external activity. The Discovery Server 536 will communicate with the centralized XMPP service 406, record changes to the clients 104 attached to a switchboard in server mode, and complete similar management functions.
- The purpose of the Management Database 520 is to record current statistics and other information useful to the network. For example, the database 520 knows the cost, current performance, and expected reliability of every way of connecting between any two nodes in the network. Thus, as illustrated in FIG. 4, for a client 402 with two physical interfaces 112 connected to the Internet 114, communicating to a hub 404 with three physical interfaces 112 also connected to the Internet 114, the database 520 would track statistics on the six possible ways of establishing a connection between the client 402 and the hub 404.
- The actual switchboard module 502 starts, as mentioned, with the virtual network interface 504. Traffic is routed 506 through a network address translation layer (“NAT”) 508, which allows the host network address space to be independent of the internal routing decisions made by switchboard. The NAT 508 feeds 514 a virtual router/switch 518, which in the case of client mode will be bypassed. Data 524 from the Management Database 520 and the discovery server 536 inform the Socket Packet Scheduler 526. This Scheduler 526 takes into account quality of service, the number of active links between the hub and each client, the efficiency and cost of each link, and the global load on each hub link, to provide an optimal, packet by packet routing to each client over each available interface.
- It is important to note that each physical link 114 to a client or hub is inherently dynamic. Interfaces may be added, removed, or simply go unreliable, and the switchboard system quickly adapts to any lost or added interfaces 112. So in a practical case, a laptop computer running a Switchboard client over Wi-Fi could be plugged into a gigabit Ethernet connection, and immediately boost the performance of on-going transactions. Or, a PC-Card or USB-based 3D modem could be added, and the laptop computer could then be taken mobile, again without disruption in on-going network transactions.
- The output of the router 528 passes through an optional compression module 530. This layer will compress traffic 532 to the VPN 534 that will benefit from compression, and in the other signal direction, expand traffic 532 from the VPN 534 into the router. The VPN 534 itself applies encryption to each packet, then sends it down the appropriate Internet Protocol tunnel 538 to another Network Address Translator 542. This second NAT translates the VPN packet addresses to match the network conventions of the physical network interfaces 112. VPN packets are then sent 110 to the appropriate NICs 112, and then on to each respective network 114.
- A packet being received by a hub 404 or client 402 follows this path in reverse. The external network 114 delivers a packet to one or more of the physical interfaces 112. These are VPN packets, which contain the encrypted private network packets. These run through a NAT 542 and on to the VPN 534 manager. This layer will dismantle the VPN, decrypt the payload, and collect complete data packets. These are then sent on 532 to the compression module 530 and decompressed if possible.
- If operating in a hub mode node, the packet is sent 528 to the router module 518, and perhaps sent back out to another client node, depending on the routing information for that node. Again, this is optimized in the packet scheduler 526, by analysis of the performance for all possible links, the quality of service for the particular packet, reliability of each outgoing link, and load balancing of all traffic across the hub.
- When the switchboard module is in client mode, the router 518 is bypassed and the packet is sent directly to the local side NAT 508. Similarly, if this is a packet destined for the hub's local network, the router directs it on 514 to the local side NAT 508. Network addresses are rationalized here for the local network 106, and eventually get routed to local client programs, or possibly back to the internet via a hub firewall.
- FIG. 6A and FIG. 6B illustrate some aspects of the discovery server 536 described above. As shown in FIG. 6A, a peer-to-peer 600 network may be established between any two of the multiple connections possible on switchboard enabled devices. The hub 602 registers 604 with an XMPP service 606, which can be public or private. The client 612 will, at a later time, contact the XMPP or other directory service 606 and ask for a connection to the switchboard hub 602. These are general purpose protocols inherent in XMPP. In other words, the XMPP service 606 knows nothing specific about the network being established by the switchboard.
- In the case of XMPP, the XMPP service 606 will interrogate the client 612 and hub 602, and attempts to establish a peer-to-peer link 614 between the two computers. This uses the Jingle protocol, which is intended to encapsulate multimedia data between two systems. Since the Jingle protocol itself does not care about specific contents, the switchboard is taking advantage of this mechanism for real-time streaming to make the VPN connection 614 without the usual complexity of setup.
- Jingle connections are set up via the open Interactive Connectivity Establishment (“ICE”) methodology, which can usually manage the complexities of NAT traversal, and thus create the peer-to-peer connection 614 shown in FIG. 6A. But when ICE cannot establish the connection, the XMPP service 606 can act as an intermediary, creating a two-hop network 620, as shown in FIG. 6B. Based on the fact that the client 612 and hub 602 have connected to the XMPP service, the ICE protocols can manage a hop 622 through the XMPP service 606, because the XMPP service 606 device can be seen by, or be communicating with, both the client 612 and hub 602.
- It is important to note that the Jingle protocol establishes rapid transport protocol (“RTP”) connections, which are ideal for media streaming, not Transmission Control Protocol/Internet Protocol (“TCP/IP”) connections. TCP/IP connections are normally desired for 2-way data communications, where every data packet sent is acknowledged as received. Such acknowledgement of receipt is not undertaken with RTP connections. This would normally be a problem for a data link such as the switchboard VPN. However, the Switchboard VPN is already managing the possibility of faulty links, and is doing so at a high level. As such, this equates to being an advantage to the switchboard protocol.
- The TCP/IP protocol works great for a reliable or mostly reliable connection. But as packet failures increase, a network can get swamped by retry packets. Moving the management of these problems to a higher, multi-network view in a switchboard, more intelligent decisions can be made about lost packets. Such lost packets could get routed via a different network connection. For example, a lower priority connection might receive a request for multiple missing packets, for transmission efficiency. Similarly, a critical channel that has not yet failed may be moved to a more reliable connection, lowering the traffic burden on the failing connection. In short, the media-friendly connection is actually an advantage for switchboard's means of implementing the VPN.
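An added example, not taken from the patent, that models the Management Database and Socket Packet Scheduler described above: one statistics record per client-interface/hub-interface pair, a per-packet path choice, and re-routing of a lost packet or of packets stranded when an interface is removed. The scoring formula, weights, QoS class names, interface names and sample statistics are assumptions; the description lists the scheduler's inputs but gives no formula.

```python
from dataclasses import dataclass
from itertools import product


@dataclass
class PathStats:
    """Per-path record, modelled on what the Management Database is said to track."""
    rtt_ms: float        # current performance
    loss: float          # expected reliability, as a loss ratio 0.0..1.0
    cost_per_mb: float   # cost of using the link
    in_flight: int = 0   # load this scheduler has placed on the path
    up: bool = True


# Assumed QoS classes and weights (hypothetical; lower score is better).
QOS_WEIGHTS = {
    "interactive": {"rtt": 1.0, "loss": 1000.0, "cost": 10.0},
    "bulk":        {"rtt": 0.1, "loss": 200.0,  "cost": 100.0},
}
LOAD_WEIGHT = 2.0  # assumed penalty per unacknowledged packet on a path


class NoPathError(RuntimeError):
    """Raised when every client/hub interface pair is down."""


class PacketScheduler:
    def __init__(self, client_ifaces, hub_ifaces):
        # One entry per (client interface, hub interface) pair: 2 x 3 gives six.
        self.paths = {p: PathStats(100.0, 0.0, 0.0)
                      for p in product(client_ifaces, hub_ifaces)}
        self.unacked = {}  # seq -> (path, qos)

    def score(self, path, qos):
        s, w = self.paths[path], QOS_WEIGHTS[qos]
        return (w["rtt"] * s.rtt_ms + w["loss"] * s.loss
                + w["cost"] * s.cost_per_mb + LOAD_WEIGHT * s.in_flight)

    def pick(self, qos, exclude=()):
        live = [p for p, s in self.paths.items() if s.up and p not in exclude]
        if not live:
            raise NoPathError("no usable path")
        return min(live, key=lambda p: self.score(p, qos))

    def send(self, seq, qos):
        path = self.pick(qos)
        self.paths[path].in_flight += 1
        self.unacked[seq] = (path, qos)
        return path

    def ack(self, seq):
        path, _ = self.unacked.pop(seq)
        self.paths[path].in_flight -= 1

    def retransmit(self, seq):
        """Resend a lost packet, preferring any path other than the one that lost it."""
        old, qos = self.unacked[seq]
        try:
            new = self.pick(qos, exclude={old})
        except NoPathError:
            new = self.pick(qos)  # raises again if nothing is up; state is untouched
        self.paths[old].in_flight -= 1
        self.paths[new].in_flight += 1
        self.unacked[seq] = (new, qos)
        return new

    def interface_down(self, iface):
        """Mark every path through iface down and move its unacked packets."""
        for path, stats in self.paths.items():
            if iface in path:
                stats.up = False
        stranded = [seq for seq, (path, _) in self.unacked.items() if iface in path]
        return {seq: self.retransmit(seq) for seq in stranded}


def build_demo():
    """Constructed sample statistics: slow free Wi-Fi, fast metered LTE, three hub links."""
    sched = PacketScheduler(["wifi", "lte"], ["hub-a", "hub-b", "hub-c"])
    for hub, extra in (("hub-a", 0), ("hub-b", 5), ("hub-c", 15)):
        sched.paths[("wifi", hub)] = PathStats(90 + extra, 0.03, 0.0)
        sched.paths[("lte", hub)] = PathStats(40 + extra, 0.005, 0.8)
    return sched


if __name__ == "__main__":
    s = build_demo()
    print(s.send(1, "interactive"), s.send(2, "bulk"))
    print(s.retransmit(1), s.interface_down("lte"))
```

With these constructed numbers, latency-sensitive packets go over the metered link while bulk traffic stays on the free one, and removing an interface moves its unacknowledged packets to a surviving path.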
- A final aspect of the invention is, as mentioned, the non-uniqueness of the hub, versus a server in some prior VPN systems. As shown in FIG. 7, the switchboard architecture can be readily scaled up to very large networks. A large private network 702 may have many different points of access, via switchboard hubs 602, to a public network such as the internet 704. A switchboard client 612 may accordingly gain access to the private network via any hub 602.
- In such a network, the directory service 606 will automate the optimization of this connection. The directory 606 itself is periodically updated with statistical information about each hub it lists, including performance and load statistics. The client 612, when engaged with the directory service 606 in the discovery process, will be able to select an optimal hub 602, based on the load of the hub 602 and the cost and performance of connection between client 612 and hub 602.
- As described above, the inventive system and methods are able to improve the performance of the VPN connection. This is in part resulting from the ability of the computer network to dynamically schedule virtual network traffic over any and/or all available network interfaces, on a packet-by-packet basis. Moreover, in preferred embodiments, the inventive computer network is capable of monitoring its own performance, and using point-to-point performance of each system-to-system path, monitor overall load of the entire VPN, as well as cost and reliability of each connection, and priority of each socket connection to automatically create optimized networks that can significantly improve performance, cost, and reliability of the VPN connections.
- While the present invention is described herein with reference to illustrative embodiments for particular data communication applications, it should be understood that the invention is not limited to those embodiments described. Those having ordinary skill in the art and access to the teachings provided herein will recognize additional applications and embodiments, further modifications, and certain substitution of equivalents, all of which are understood to be within the scope of the claimed invention. Accordingly, the invention is not to be considered as limited by the foregoing description.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/907,421 US11647069B2 (en) | 2012-02-09 | 2020-06-22 | Secure remote computer network |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261596883P | 2012-02-09 | 2012-02-09 | |
PCT/US2013/025559 WO2013120069A1 (en) | 2012-02-09 | 2013-02-11 | Secure remote computer network |
US201514765115A | 2015-07-31 | 2015-07-31 | |
US14/976,565 US10148732B2 (en) | 2012-02-09 | 2015-12-21 | Secure remote computer network |
US16/173,161 US10652310B2 (en) | 2012-02-09 | 2018-10-29 | Secure remote computer network |
US16/729,955 US10715583B2 (en) | 2012-02-09 | 2019-12-30 | Secure remote computer network |
US16/907,421 US11647069B2 (en) | 2012-02-09 | 2020-06-22 | Secure remote computer network |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/729,955 Continuation US10715583B2 (en) | 2012-02-09 | 2019-12-30 | Secure remote computer network |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200322418A1 | 2020-10-08 |
US11647069B2 | 2023-05-09 |
Family
ID=55750022
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/976,565 Active 2033-06-27 US10148732B2 (en) | 2012-02-09 | 2015-12-21 | Secure remote computer network |
US16/173,161 Active US10652310B2 (en) | 2012-02-09 | 2018-10-29 | Secure remote computer network |
US16/729,955 Active US10715583B2 (en) | 2012-02-09 | 2019-12-30 | Secure remote computer network |
US16/907,421 Active 2033-06-15 US11647069B2 (en) | 2012-02-09 | 2020-06-22 | Secure remote computer network |
Country Status (1)
Country | Link |
---|---|
US (4) | US10148732B2 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11201858B2 (en) * | 2017-06-01 | 2021-12-14 | Kct Holdings, Llc | Apparatus and method for secure router device |
US10666565B2 (en) * | 2018-06-08 | 2020-05-26 | Citrix Systems, Inc. | Method to measure relative QOS gains and to reduce the variance in QOS for similar connections for during bandwidth contention |
US11936522B2 (en) * | 2020-10-14 | 2024-03-19 | Connectify, Inc. | Selecting and operating an optimal virtual private network among multiple virtual private networks |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090086643A1 (en) * | 2007-09-27 | 2009-04-02 | Verizon Services Organization Inc. | Path testing and switching |
CN101599883A (en) * | 2008-07-02 | 2009-12-09 | 上海恩际恩网络科技有限公司 | A kind of safe transmission network system framework based on overlay network |
US20100284275A1 (en) * | 2009-05-08 | 2010-11-11 | Canon Kabushiki Kaisha | Reliable network streaming of a single data stream over multiple physical interfaces |
US20120134257A1 (en) * | 2010-11-29 | 2012-05-31 | Edge Velocity Corporation | Router and rapid response network |
US20120311173A1 (en) * | 2011-05-31 | 2012-12-06 | Broadcom Corporation | Dynamic Wireless Channel Selection And Protocol Control For Streaming Media |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6717938B1 (en) | 1999-04-15 | 2004-04-06 | J2 Global Communications, Inc. | System controlling use of a communication channel |
US5969632A (en) | 1996-11-22 | 1999-10-19 | Diamant; Erez | Information security method and apparatus |
US6081900A (en) | 1999-03-16 | 2000-06-27 | Novell, Inc. | Secure intranet access |
US7181542B2 (en) | 2000-04-12 | 2007-02-20 | Corente, Inc. | Method and system for managing and configuring virtual private networks |
US7340759B1 (en) * | 2000-11-10 | 2008-03-04 | Scientific-Atlanta, Inc. | Systems and methods for adaptive pricing in a digital broadband delivery system |
US20020122228A1 (en) * | 2001-03-01 | 2002-09-05 | Yigal Rappaport | Network and method for propagating data packets across a network |
US20030079018A1 (en) | 2001-09-28 | 2003-04-24 | Lolayekar Santosh C. | Load balancing in a storage network |
JP4121298B2 (en) * | 2002-04-18 | 2008-07-23 | 松下電器産業株式会社 | Communication terminal device and communication control method |
US20100138909A1 (en) * | 2002-09-06 | 2010-06-03 | O2Micro, Inc. | Vpn and firewall integrated system |
US7969873B2 (en) * | 2005-06-22 | 2011-06-28 | Intel Corporation | Data transmission scheme with scheduling optimization for physical channel group |
US8432896B2 (en) | 2005-07-22 | 2013-04-30 | Cisco Technology, Inc. | System and method for optimizing communications between session border controllers and endpoints in a network environment |
DE102007012143A1 (en) | 2007-03-12 | 2008-09-18 | Viprinet Gmbh | Arrangement and method for transmitting a data stream via bundled network access lines, as well as transmitting and receiving auxiliary device and transmitting and receiving method for it |
US20110047583A1 (en) * | 2008-02-25 | 2011-02-24 | Internet Connectivity Group, Inc. | Integrated wireless mobilemedia system |
US8165090B2 (en) | 2008-05-15 | 2012-04-24 | Nix John A | Efficient handover of media communications in heterogeneous IP networks |
US8477228B2 (en) * | 2008-06-30 | 2013-07-02 | Verizon Patent And Licensing Inc. | Camera data management and user interface apparatuses, systems, and methods |
US8707389B2 (en) | 2008-12-04 | 2014-04-22 | Pravala Inc. | Multi-transport mode devices having improved data throughput |
US20100145947A1 (en) * | 2008-12-05 | 2010-06-10 | Bliin B.V. | Method and apparatus for an inventive geo-network |
CN101808168B (en) | 2009-02-17 | 2013-01-16 | 中兴通讯股份有限公司 | Enterprise telephone exchange platform and call processing method |
US8549614B2 (en) | 2009-12-04 | 2013-10-01 | Cisco Technology, Inc. | Establishing internet protocol security sessions using the extensible messaging and presence protocol |
US8332626B2 (en) * | 2010-04-15 | 2012-12-11 | Ntrepid Corporation | Method and apparatus for authentication token-based service redirection |
WO2011153618A2 (en) | 2010-06-09 | 2011-12-15 | Pravala Inc. | Transmitting data over a plurality of different networks |
US8954591B2 (en) | 2011-03-07 | 2015-02-10 | Cisco Technology, Inc. | Resource negotiation for cloud services using a messaging and presence protocol |
US8825964B1 (en) * | 2011-09-26 | 2014-09-02 | Emc Corporation | Adaptive integration of cloud data services with a data storage system |
US9838319B2 (en) | 2011-09-26 | 2017-12-05 | Wilmerding Communications Llc | Encapsulation system featuring an intelligent network component |
Also Published As
Publication number | Publication date |
---|---|
US10148732B2 (en) | 2018-12-04 |
US20200137146A1 (en) | 2020-04-30 |
US10652310B2 (en) | 2020-05-12 |
US20190068688A1 (en) | 2019-02-28 |
US10715583B2 (en) | 2020-07-14 |
US11647069B2 (en) | 2023-05-09 |
US20160112495A1 (en) | 2016-04-21 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US10484335B2 (en) | Secure remote computer network | |
US7260599B2 (en) | Supporting the exchange of data by distributed applications | |
US11647069B2 (en) | Secure remote computer network | |
US7739384B2 (en) | System and method for load balancing | |
US7461157B2 (en) | Distributed server functionality for emulated LAN | |
US20160119165A1 (en) | Methods and systems to manage network connections | |
US8971335B2 (en) | System and method for creating a transitive optimized flow path | |
US7376743B1 (en) | Method and apparatus for load balancing in a virtual private network | |
JP2022550356A (en) | Methods, systems, and computer-readable media for providing multi-tenant software-defined wide area network (SD-WAN) nodes | |
US11310146B1 (en) | System and method for optimal multiserver VPN routing | |
US7831715B2 (en) | Communication system, communication method, and program | |
US20090059837A1 (en) | System and method for management and administration of repeaters and antenna systems | |
US20230208746A1 (en) | Cross datacenter communication using a mesh gateway | |
CN111435922B (en) | Bandwidth sharing method | |
US20030005147A1 (en) | IP/HDLC addressing system for replacing frame relay based systems and method therefor | |
US20210250202A1 (en) | System, method and use of software-defined virtual multi-service tunnel networking | |
US20130086218A1 (en) | Proxy Server For Home Network Access | |
KR102648720B1 (en) | Traffic transmission system based on dynamic tunneling communication, and signaling method of the same | |
JP2011160286A (en) | Call control server, relay server, vpn device, vpn communication system, vpn networking method, program, and storage medium | |
AU2020229738A1 (en) | System and method for managing network traffic | |
US20090052446A1 (en) | Communications Interface | |
CN115883256B (en) | Data transmission method, device and storage medium based on encryption tunnel | |
KR101308089B1 (en) | Ipsec vpn system and method for supporing high availability | |
Perumal et al. | Tunneling Compressed Multiplexed Traffic Flows (TCM-TF) Reference Model draft-saldana-tsvwg-tcmtf-06 | |
Navajas et al. | Transport Area Working Group J. Saldana Internet-Draft University of Zaragoza Intended status: Best Current Practice D. Wing Expires: December 12, 2014 Cisco Systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
 | AS | Assignment | Owner name: CONNECTIFY, INC., PENNSYLVANIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PRODOEHL, BRIAN;LEWANDA, DAVID;GIZIS, ALEX;AND OTHERS;REEL/FRAME:055165/0529 Effective date: 20151221 |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: ADVISORY ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
 | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |